There is nothing shocking about the FBI’s recent reversal of its advice to victims of ransomware. In the past, the party line was to submit to demands and pay up. Those who understand the motivations of extortionists have long seen this change of direction from the Bureau looming. There are only two rules the bad guys live by: “Don’t get caught, and profit while you can.”
These campaigns aren’t designed to be long-term efforts; they are sweeping initiatives meant to affect as many victims as possible. The longer the criminals stay operational, the greater the chance their tactics will tip their hand, lead to the destruction of their methods, and potentially unveil their identities.
So, obviously, without a technical solution to recover locked files, the right answer for many victimized organizations in the early days of the ransomware era was to cooperate with the criminals to regain access to data. Today, the cost has escalated enough to become problematic, and many extortionists have stopped fulfilling their end of the bargain, no longer releasing ransomed files as promised.
The change in tactics by perpetrators had to come eventually. We were all warned, we all saw webinars and whitepapers on the topic ad nauseam, and everyone paying attention should have had protections and policies in place.
As a refresher, to avoid being ensnared by ransomware, double-check your backup strategy. Immediately. If this first step is done properly, you can comfortably refuse payment to the attackers and minimize the impact on you or your company.
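A backup you have never restored from is a hope, not a strategy. The following is an added example (not code from the original post) in Python showing the minimum check the paragraph above calls for: a backup job that records a SHA-256 manifest of what it copied, and a restore test that flags a stale manifest, missing files, or files whose content no longer matches. All directory names, file names and file contents are constructed for the demo; a real backup strategy would also keep a copy offline and store the manifest somewhere the backup data cannot overwrite it.

```python
from __future__ import annotations

import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_backup(source: Path, backup: Path) -> Path:
    """Copy every file under `source` into `backup` and write a hash manifest.

    Simplified stand-in for a real backup job; returns the manifest path.
    """
    manifest = {"created": time.time(), "files": {}}
    for file in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = file.relative_to(source).as_posix()
        dest = backup / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(file, dest)
        manifest["files"][rel] = sha256_file(file)
    manifest_path = backup / "MANIFEST.json"
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return manifest_path


def verify_backup(backup: Path, max_age_hours: float = 24.0) -> dict:
    """Restore test: is the backup recent, complete, and byte-for-byte intact?"""
    result = {"ok": True, "stale": False, "missing": [], "corrupt": []}
    manifest_path = backup / "MANIFEST.json"
    if not manifest_path.exists():
        # No manifest means nothing can be trusted; treat as a failed backup.
        return {"ok": False, "stale": True, "missing": ["MANIFEST.json"], "corrupt": []}
    manifest = json.loads(manifest_path.read_text())

    # Freshness: a backup older than the policy window will not cover recent work.
    age_hours = (time.time() - manifest["created"]) / 3600
    if age_hours > max_age_hours:
        result["stale"] = True
        result["ok"] = False

    # Integrity: every recorded file must exist and hash to the recorded value.
    for rel, expected in manifest["files"].items():
        path = backup / rel
        if not path.exists():
            result["missing"].append(rel)
            result["ok"] = False
        elif sha256_file(path) != expected:
            result["corrupt"].append(rel)
            result["ok"] = False
    return result


def demo() -> tuple[dict, dict]:
    """Constructed scenario: a healthy backup, then the same backup with one
    file altered in place (what a writable, online backup looks like after an
    incident). Returns (healthy_report, damaged_report)."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "source"
        backup = Path(tmp) / "backup"
        (source / "docs").mkdir(parents=True)
        (source / "docs" / "report.txt").write_text("quarterly numbers\n")
        (source / "notes.txt").write_text("meeting notes\n")

        take_backup(source, backup)
        healthy = verify_backup(backup)

        # Alter one backed-up file; the restore test must catch this.
        (backup / "docs" / "report.txt").write_bytes(b"\x00\x00not the original content")
        damaged = verify_backup(backup)
    return healthy, damaged


if __name__ == "__main__":
    healthy, damaged = demo()
    print("healthy:", healthy)
    print("damaged:", damaged)
```

Run this on a schedule against the real backup target rather than the source tree: the point of the restore test is to prove the copy you would actually restore from still matches what was written, which is the condition that lets you refuse to pay.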
Ultimately, if you didn’t take steps to protect your data, there is no one else to blame. As the adage goes: “Fool me once, shame on you. Fool me twice, shame on me.”
If all users make the effort to minimize the impact that ransomware could have on their organization, attackers’ profits will fall. This, in turn, can change the decision to commit these crimes: smaller payouts for the same or greater risk.
Everyone in cyber security can hope that the message has been heard loud and clear and that proper actions are being taken to stop ransomware. This now appears to be a waiting game. We’ll have to stand by to see who steps up to the plate and how the landscape evolves: will the good guys or the ransomware guys gain the new high ground?
By proclaiming that ransoms shouldn’t be paid, the FBI is helping to make the endeavor less attractive overall. Every payment emboldened the criminals. Now, there will no longer be a pseudo-endorsement of these campaigns from one of the most powerful law enforcement agencies in the world.
I support this position and salute the FBI for advising victims to say no to payments. Presenting a unified front between cyber security pros and law enforcement, with the goal of stamping out this crime, will at the very least make it less profitable. And that’s a very good thing.